Modern distributed networks often span multiple network mediums and give a user access to information and services hosted by a multitude of network resources. For example, it is not uncommon for a remote user to access an on-line banking service or a corporate network, or to stream digital media from a remote server connected to the Internet. The resulting interchange of sensitive data and access to premium or protected information necessitate effective user authentication before access to protected resources is granted.
In general, authentication involves verifying a user's identity by matching information that originates from the user's knowledge (something the user knows), an article in the user's possession (something the user has), or a user's personal attribute (something the user is). Authentication via information known to the user typically involves matching a user-supplied password, a personal identification number (PIN), or a pass phrase. A typical example of authentication via an article in the user's possession is possession of a smartcard of the type used to pay for public transportation; a typical example of authentication via a personal attribute is verification of biometric factors, such as fingerprints or iris patterns.
Authentication methods that require a single form of authentication, for example a password, are referred to as one-factor authentication. One-factor authentication methods generally differ in their degree of security and reliability. For example, biometric authentication methods, such as fingerprint scanning, are relatively expensive to implement and may be prone to scanning errors, while manual password entry is subject to key-logging attacks. Because of ever-growing security concerns, it is becoming increasingly common for authentication systems to require multiple authenticating factors. In a two-factor authentication procedure, the user provides two sets of authenticating material (e.g., two passwords). Two-factor authentication is generally deemed to provide stronger security because it complicates the would-be attacker's task.
Two-factor authentication is also increasingly common in a mobile environment, where mobile devices, including mobile phones, are frequently used to access remote server resources connected to the Internet as well as to perform point-of-sale transactions. However, the increase in security associated with multifactor authentication comes at a cost: multifactor methods, including two-factor authentication, are generally less convenient for the user than one-factor methods because of the additional authenticating information required from the user. Each time a user wishes to access privileged content or a privileged service, he or she must supply the extra authenticating factor(s). In the case of dual-password authentication, for example, the user must remember two separate passwords. These issues are further exacerbated in a fast-paced mobile environment, where a user needs to enter an additional PIN, password, or pass phrase via a small keyboard or dial pad, which is typically an inconvenient and time-consuming process. Typical mobile password database applications, for example, require manual entry of initial login information before granting access to the stored password, PIN, and pass phrase material necessary to access a privileged external resource. Furthermore, manual entry of additional authenticating factors does not address the security risks associated with password, PIN, and pass phrase theft by nearby on-lookers or by key-logging malware within the mobile device.
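To make concrete why a second factor drawn from a different category (an article in the user's possession rather than a second password) complicates the attacker's task described above, the following added example, which is not part of the original text, models a knowledge factor (a salted password hash) combined with a possession factor (a device-held secret answering a fresh server challenge). A key-logger that captures the password, and even a recording of one earlier device response, still fails the next login because the challenge changes. All names, secrets, and values are constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side state (assumption for this example, not from any product):
# a salted password hash for the knowledge factor and a per-device shared secret
# for the possession factor (as a smartcard or phone app would hold).
SALT = b"constructed-demo-salt"
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)
DEVICE_SECRET = secrets.token_bytes(32)

def check_knowledge(password: bytes) -> bool:
    """Knowledge factor: compare the supplied password against the stored hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password, SALT, 100_000)
    return hmac.compare_digest(candidate, PASSWORD_HASH)

def issue_challenge() -> bytes:
    """Server generates a fresh random nonce for every login attempt."""
    return secrets.token_bytes(16)

def device_respond(device_secret: bytes, challenge: bytes) -> bytes:
    """Possession factor: the device proves it holds the secret by MAC'ing the challenge."""
    return hmac.new(device_secret, challenge, hashlib.sha256).digest()

def check_possession(challenge: bytes, response: bytes) -> bool:
    """Server recomputes the expected MAC for this challenge and compares in constant time."""
    expected = device_respond(DEVICE_SECRET, challenge)
    return hmac.compare_digest(expected, response)

def two_factor_login(password: bytes, challenge: bytes, response: bytes) -> bool:
    """Both factors must verify for the login to succeed."""
    return check_knowledge(password) and check_possession(challenge, response)

def scenario() -> tuple:
    """Returns (legitimate login ok, key-logged password + replayed response ok,
    password alone satisfies knowledge factor)."""
    c1 = issue_challenge()
    r1 = device_respond(DEVICE_SECRET, c1)        # the real device answers c1
    legit = two_factor_login(b"correct horse", c1, r1)
    # Attacker has the key-logged password and a recording of r1, but the server
    # issues a new challenge c2, so the replayed response no longer matches.
    c2 = issue_challenge()
    replay = two_factor_login(b"correct horse", c2, r1)
    password_only = check_knowledge(b"correct horse")
    return legit, replay, password_only
```

The password alone still passes the knowledge check, which is exactly the exposure the text describes for manual entry; the possession factor is what turns a stolen password into an incomplete credential.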